CLAIMS

What is claimed is: 

1. An apparatus for controlling access to a data security device within a data processing
system, said apparatus comprising:

a persistent enable flag for providing control access to said data security device,
wherein said persistent enable flag is write-accessible only in response to a detected
power-on reset of said data processing system; and

a pending state change flag accessible by runtime program instructions, for setting
an intended next state of said persistent enable flag such that control access to said data
security device is enabled only during a subsequent power-on reset of said data processing
system.

2. The apparatus of claim 1, further comprising:

a switched power input to said data security device;

a power-on reset detection latch for detecting the occurrence of power applied by said
switched power input; and

means for determining the state of said power-on reset detection latch.

3. The apparatus of claim 2, further comprising means responsive to determining a set
state of said power-on reset detection latch for:

determining the state of said pending state change flag; and

determining a next state of said persistent enable flag in accordance with the
determined state of said pending state change flag.

4. The apparatus of claim 1, wherein said pending state change flag is write-accessible
by said runtime program instructions and said persistent enable flag is read-only accessible
to said runtime program instructions.



5. The apparatus of claim 1, wherein said persistent enable flag and said pending state
change flag are non-volatile storage devices.

6. The apparatus of claim 1, wherein said data security device includes memory for
receiving and storing data.

7. The apparatus of claim 1, wherein said data security device includes security portal
functionality for controlling access to data stored within said data processing system.

8. The apparatus of claim 1, wherein said data security device includes control access
includes functionality for enabling or disabling ownership of said data security device,
enabling or disabling enablement of said data security device, or enabling or disabling
activation of said data security device.

9. A method for providing secure controllability of a data security device within a data
processing system, said method comprising:

responsive to a power-on reset cycle initiated within said data processing system:

determining the state of a pending state change flag, wherein said pending
state change flag is accessible by runtime program instructions for setting an intended
next state of a persistent enable flag that enables or disables runtime control access
to said data security device; and

setting or resetting said persistent enable flag in accordance with the state of
said pending state change flag.

10. The method of claim 9, wherein said power-on reset steps are preceded by the step
of setting said pending state change flag in accordance with user input during runtime
operations of said data processing system.



11. The method of claim 9, further comprising, responsive to said pending state change
flag being set, setting said persistent enable flag such that control access for said data security
device is enabled following said power-on reset.






12. The method of claim 9, further comprising, responsive to said pending state change 
flag being reset, resetting said persistent enable flag such that control access for said data 
security device is disabled following said power-on reset. 



RPS920010156US1 






13. The method of claim 9, wherein said pending state change flag is write-accessible by 
said runtime program instructions and said persistent enable flag is read-only accessible to 
said runtime program instructions. 

14. The method of claim 9, wherein said power-on reset cycle includes execution of 
startup program instructions, said method further comprising: 

responsive to receiving user input within said data processing system, setting or 
resetting a state of said pending state change flag in accordance with said user input; and 

only in response to execution of said startup program instructions within said non- 
volatile programmable memory unit, updating said persistent enable flag to said intended 
state in accordance with the state of said pending state change flag. 

15. The method of claim 9, wherein said data security device includes memory for 
receiving and storing data. 

16. The method of claim 9, wherein said data security device includes security portal 
functionality for controlling access to data stored within said data processing system. 

17. The method of claim 9, wherein said data security device includes control access 
includes functionality for enabling or disabling ownership of said data security device, 
enabling or disabling enablement of said data security device, or enabling or disabling 
activation of said data security device. 

18. A computer program product for providing secure controllability of a data security
device within a data processing system, said program product comprising:

program instructions responsive to a power-on reset cycle initiated within said data
processing system for:

determining the state of a pending state change flag, wherein said pending
state change flag is accessible by runtime program instructions for setting an intended
next state of a persistent enable flag that enables or disables runtime control access
to said data security device; and

setting or resetting said persistent enable flag in accordance with the state of
said pending state change flag.

19. The computer program product of claim 18, further comprising program instructions
for setting said pending state change flag in accordance with user input during runtime
operations of said data processing system.

20. The computer program product of claim 18, further comprising, program instructions
responsive to said pending state change flag being set, for setting said persistent enable flag
such that control access for said data security device is enabled following said power-on
reset.

21. The computer program product of claim 18, further comprising, program instructions
responsive to said pending state change flag being reset, for resetting said persistent enable
flag such that control access for said data security device is disabled following said power-on
reset.

22. The computer program product of claim 18, wherein said pending state change flag
is write-accessible by said runtime program instructions and said persistent enable flag is 
read-only accessible to said runtime program instructions. 

23. The computer program product of claim 18, wherein said power-on reset cycle 
includes execution of startup program instructions, said program product further comprising: 

program instructions responsive to receiving user input within said data processing 
system, for setting or resetting a state of said pending state change flag in accordance with 
said user input; and 

program instructions responsive only to execution of said startup program 
instructions within said non-volatile programmable memory unit, for updating said persistent 
enable flag to said intended state in accordance with the state of said pending state change 
flag. 

24. The computer program product of claim 18, wherein said data security device 
includes memory for receiving and storing data. 

25. The computer program product of claim 18, wherein said data security device 
includes security portal functionality for controlling access to data stored within said data 
processing system. 

26. The computer program product of claim 18, wherein said data security device 
includes control access includes functionality for enabling or disabling ownership of said 
data security device, enabling or disabling enablement of said data security device, or 
enabling or disabling activation of said data security device. 
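
The two-flag handshake recited in claims 1 to 4 and 9 to 14, modelled in C as an added example that is not part of the patent text: runtime code can only record a request, and the persistent flag changes only when startup code runs with the power-on reset latch set. All identifiers are hypothetical, and clearing the latch at the end of startup is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
/* Added illustration; every name here is hypothetical, not from the patent. */
struct sec_dev {
    bool persistent_enable; /* non-volatile, read-only to runtime code */
    bool pending_change;    /* non-volatile, runtime-writable request */
    bool por_latch;         /* set by hardware when switched power is applied */
    bool in_startup;        /* true only while startup instructions execute */
};

/* Single write path for the persistent flag: refused outside POR startup. */
bool write_persistent(struct sec_dev *d, bool v) {
    if (!d->in_startup || !d->por_latch) return false;
    d->persistent_enable = v;
    return true;
}

/* Runtime code may only record the intended next state. */
void runtime_request(struct sec_dev *d, bool want) { d->pending_change = want; }
/* Hardware event: power applied through the switched input. */
void power_on(struct sec_dev *d) { d->por_latch = true; }

/* Startup code: apply the pending state only if the latch shows a real POR.
 * Clearing the latch afterwards is an assumption of this sketch. */
bool startup(struct sec_dev *d) {
    d->in_startup = true;
    bool applied = write_persistent(d, d->pending_change);
    d->por_latch = false;
    d->in_startup = false;
    return applied;
}

/* Constructed scenario; returns one bit per observation. */
unsigned scenario(void) {
    struct sec_dev d = {0};
    unsigned r = 0;
    runtime_request(&d, true);
    r |= (unsigned)write_persistent(&d, true) << 0; /* runtime write: refused */
    r |= (unsigned)startup(&d) << 1;                /* restart without POR: no change */
    r |= (unsigned)d.persistent_enable << 2;        /* still disabled */
    power_on(&d);
    r |= (unsigned)startup(&d) << 3;                /* POR: pending state applied */
    r |= (unsigned)d.persistent_enable << 4;        /* now enabled */
    runtime_request(&d, false);
    r |= (unsigned)d.persistent_enable << 5;        /* stays enabled until next POR */
    return r;
}

int main(void) { printf("scenario bits: 0x%02x\n", scenario()); return 0; }
```

Bits 0 to 2 stay clear because neither a runtime write nor a restart without the latch set can alter the persistent flag; bits 3 to 5 show the request taking effect only after a power cycle and persisting afterwards.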



